IP: 47.246.44.205:0
ASN: #24429 Zhejiang Taobao Network Co.,Ltd
Hash (MD5): 6b14d338fd674a5acca006ee57385186
Hash (SHA-1): 65c25f03ef622cd927efba8797350a01ec6b25c1
Hash (SHA-256): fb7c3773130b2e2f027c7562c4db018e515fddc0c759967ea22adad5f4a34b5c

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Thu, 01 Jun 2023 05:05:55 GMT
last-modified: Wed, 31 May 2023 20:07:07 GMT
expires: Wed, 07 Jun 2023 20:07:06 GMT
etag: "65c25f03ef622cd927efba8797350a01ec6b25c1"
cache-control: max-age=587482,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb6
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 7d04eca13c722c56-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1685595955
via: cache15.l2de2[0,0,304-0,H], cache20.l2de2[1,0], cache3.se1[0,0,200-0,H], cache1.se1[2,0], cache2.se1[5,0]
age: 615
x-cache: HIT TCP_MEM_HIT dirn:2:388209753
x-swift-savetime: Thu, 01 Jun 2023 05:07:38 GMT
x-swift-cachetime: 1697
timing-allow-origin: *, *
eagleid: 2ff62c9616855965707058133e, 2ff62c9616855965707058133e

URL: rj.shuolanwl01.top/guge/ChromeSetup.exe
User request: GET HTTP/1.1
Response: 200 OK (14 MB)
IP: 123.234.2.86:80
ASN: #4837 CHINA UNICOM China169 Backbone
File type: PE32 executable (GUI) Intel 80386, for MS Windows; data
Size: 14 MB (13778376 bytes)
Hash (MD5): 247df534f84e33e5293ecf1e611a331c
Hash (SHA-1): e8bd471856aec066d35ddcf7b9fe2614325814e8
Hash (SHA-256): b1a6e7a01d0266f973e442be0b482bf53cbf3eff8d8e52748be137eb682a9f0b

Analyzer verdicts:
- VirusTotal: alert, 4/71 detections

NIDS alerts (suricata):
- high: ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
- medium: ET INFO HTTP Request to a *.top domain
- high: ET POLICY PE EXE or DLL Windows file download HTTP
- low: ET HUNTING Possible EXE Download From Suspicious TLD

GET /guge/ChromeSetup.exe HTTP/1.1
Host: rj.shuolanwl01.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Last-Modified: Sun, 16 Apr 2023 23:36:27 GMT
Etag: "0727a43bc70d91:0"
Content-Type: application/octet-stream
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 17 Apr 2023 15:52:12 GMT
Content-Length: 13778376
Accept-Ranges: bytes
X-NWS-LOG-UUID: 7769814998172250296
Connection: keep-alive
X-Cache-Lookup: Cache Hit